/* 
 *  Created By: Mike Stevens
 *  Project URL: http://www.codeplex.com/sitesecuritymgmt
 *  License: GNU GPL v2
 *  Copyright (C) 2008 Mike Stevens
 * 
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 * 
 */
using System;
using Microsoft.SharePoint;


namespace SiteSecurityManagement.Service.SharePoint
{
    internal class SPListItemSecurity:SPObjectSecurity
    {
        #region Members
        private SPListItem m_listItem;
        #endregion

        #region Constructor/Destructor
        public SPListItemSecurity(SPListItem listItem)
        {
            m_listItem = listItem;
        }

        public new void Dispose()
        {
            m_listItem.ParentList.ParentWeb.Dispose();
        }
        #endregion

        #region Properties
        #endregion

        #region Methods
        public override SPWeb GetSite()
        {
            return m_listItem.ParentList.ParentWeb;
        }

        /// <summary>
        /// Does the user have permission.
        /// </summary>
        /// <param name="user">The user.</param>
        /// <param name="permission">The permission.</param>
        /// <returns>true if user has permission, false otherwise</returns>
        public override bool DoesUserHavePermission(string user, SPBasePermissions permission)
        {
            SPUser spuser = this.GetUser(m_listItem.ParentList.ParentWeb, user);
            return m_listItem.DoesUserHavePermissions(spuser, permission);
        }

        /// <summary>
        /// Check if item inherits security
        /// </summary>
        /// <returns>true if item does not inherit security, false if item inherits security</returns>
        public override bool DoesNotInheritSecurity()
        {
            return m_listItem.HasUniqueRoleAssignments;
        }

        /// <summary>
        /// Clears the security.
        /// </summary>
        public override void ClearSecurity()
        {
            try
            {
                m_listItem.ParentList.ParentWeb.AllowUnsafeUpdates=true;
                m_listItem.ParentList.ParentWeb.Site.WebApplication.FormDigestSettings.Enabled = false;

                for (int i = 0; i < m_listItem.RoleAssignments.Count; i++)
                {
                    m_listItem.RoleAssignments.Remove(i);
                }

                m_listItem.ParentList.ParentWeb.Site.WebApplication.FormDigestSettings.Enabled = true;
            }
            catch (InvalidOperationException e)
            {
                throw e;
            }
        }

        /// <summary>
        /// Enable or disable inheritance.
        /// </summary>
        /// <param name="inheritFlag"></param>
        /// <param name="copyPermissions">If disabling inheritance, true copies permissions</param>
        public override void SetInheritance(bool inheritFlag, bool copyPermissions)
        {
            m_listItem.ParentList.ParentWeb.AllowUnsafeUpdates=true;
            m_listItem.ParentList.ParentWeb.Site.WebApplication.FormDigestSettings.Enabled = false;

            if (true == inheritFlag)
            {
                m_listItem.ResetRoleInheritance();
            }
            else
            {
                m_listItem.BreakRoleInheritance(copyPermissions);
            }
            m_listItem.Update();

            m_listItem.ParentList.ParentWeb.Site.WebApplication.FormDigestSettings.Enabled = true;
        }

        /// <summary>
        /// Set the security of the object to the role specified
        /// </summary>
        /// <param name="secObject">SPPrincipal contains a user or a group</param>
        /// <param name="roleDef">The role as defined by the Site Role Definitions</param>
        private void SetSecurity(SPPrincipal secObject, SPRoleDefinition roleDef)
        {
            m_listItem.ParentList.ParentWeb.AllowUnsafeUpdates=true;
            m_listItem.ParentList.ParentWeb.Site.WebApplication.FormDigestSettings.Enabled = false;

            SPRoleAssignment role = new SPRoleAssignment(secObject);
            role.RoleDefinitionBindings.Add(roleDef);
            m_listItem.RoleAssignments.Add(role);
            m_listItem.Update();

            m_listItem.ParentList.ParentWeb.Site.WebApplication.FormDigestSettings.Enabled = true;
        }

        /// <summary>
        /// Sets the security.
        /// </summary>
        /// <param name="group">The group.</param>
        /// <param name="roleDef">The role def.</param>
        public override void SetSecurity(SPGroup group, SPRoleDefinition roleDef)
        {
            SetSecurity(group, roleDef);
        }

        /// <summary>
        /// Sets the security.
        /// </summary>
        /// <param name="user">The user.</param>
        /// <param name="roleDef">The role def.</param>
        public override void SetSecurity(SPUser user, SPRoleDefinition roleDef)
        {
            SetSecurity(user, roleDef);
        }
        #endregion
    }
}
